github-project
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides configuration IDs and project numbers alongside Bash command templates for interacting with a project board on GitHub. These resources are used for legitimate project management tasks and align with the author's identity.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by design, as it involves fetching and displaying content from GitHub issues which could contain untrusted instructions.
- Ingestion points: External data is retrieved via `gh api graphql` and `gh issue view` commands as documented in `SKILL.md`.
- Boundary markers: None are defined; the skill does not specify how the agent should distinguish between its own instructions and content found within retrieved issues.
- Capability inventory: The skill has the `Bash` tool enabled, which is used to execute the GitHub CLI commands.
- Sanitization: There is no evidence of sanitization or input validation for the data returned from the GitHub API.
Audit Metadata